Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/VqCDAyWFigIjkqzl1KfLu38Ydr0.roa
File:                     VqCDAyWFigIjkqzl1KfLu38Ydr0.roa (raw, json)
Hash identifier:          G1XTkuGT2gXS0YRTt5JXkpwuI1XGCOhTTgCxdEgokb8=
Subject key identifier:   56:A0:83:03:25:85:8A:02:23:92:AC:E5:D4:A7:CB:BB:7F:18:76:BD
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01912168D80A7157C5EFF7CB82740BC4E42A
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/VqCDAyWFigIjkqzl1KfLu38Ydr0.roa
Signing time:             Mon 05 Aug 2024 07:20:04 +0000
ROA not before:           Mon 05 Aug 2024 07:20:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202813
IP address blocks:        185.242.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:21:68:d8:0a:71:57:c5:ef:f7:cb:82:74:0b:c4:e4:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Aug  5 07:20:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56a0830325858a022392ace5d4a7cbbb7f1876bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:61:a6:e6:70:ca:2d:20:ee:57:18:00:fb:76:
                    30:d0:15:b5:52:96:e9:f2:b4:1d:cb:b3:61:78:46:
                    a1:2b:05:46:c1:c9:fc:c7:40:b7:c1:7d:49:bb:9e:
                    2e:43:e0:0d:eb:eb:06:d3:0f:15:69:da:0d:20:5e:
                    58:f9:1f:2e:9d:30:f7:86:8a:97:22:25:ad:1f:78:
                    01:ec:7e:85:ee:df:e8:c9:d5:6c:4f:77:09:c9:a2:
                    a3:ab:e6:3e:3b:25:93:ac:0b:1a:2f:60:3c:ea:0f:
                    f3:70:29:6f:a2:06:68:e6:15:4d:0e:0a:22:d7:99:
                    25:97:b3:e7:87:bc:69:56:11:08:69:31:c0:ec:5b:
                    11:20:7d:d4:6f:00:79:1b:7d:ff:ab:7f:96:78:10:
                    43:9e:6d:0c:0b:da:e2:6c:84:41:00:55:d7:7a:d6:
                    71:a2:df:ed:0a:38:06:65:06:39:5e:13:42:69:08:
                    c2:ee:42:8c:9d:af:22:00:c4:20:7d:47:6d:8f:cf:
                    e7:cf:e0:bd:41:23:f9:f1:63:1b:63:be:6b:50:3b:
                    c5:7e:eb:e8:02:fc:a1:dd:de:f3:c5:ff:aa:cf:61:
                    2c:3d:9f:ad:8a:84:94:c2:e6:61:c4:91:12:1a:e0:
                    45:b8:11:a7:27:d2:07:a8:98:7c:c2:61:75:50:f0:
                    9e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A0:83:03:25:85:8A:02:23:92:AC:E5:D4:A7:CB:BB:7F:18:76:BD
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/VqCDAyWFigIjkqzl1KfLu38Ydr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:17:4c:12:62:30:f3:0b:e5:24:6b:7a:05:b1:b0:30:29:85:
         92:24:f2:72:65:b5:32:da:b9:30:05:48:ff:69:51:e8:b4:d3:
         c5:cc:ef:1d:85:a7:d8:93:6e:6b:62:1c:9e:f4:66:e0:2b:4e:
         a6:59:12:5d:ae:c4:d7:b5:71:1c:77:35:b9:1e:7e:f7:29:e2:
         b8:b6:12:0e:6a:0e:84:5e:1b:64:91:ca:4e:3e:12:13:0a:1c:
         9b:9c:0e:71:38:ec:5c:d4:53:ed:16:ca:1b:9f:aa:22:64:22:
         b7:ab:63:40:d8:98:c6:9f:c0:bc:9f:d8:04:8e:1e:1b:69:88:
         e3:2a:41:b2:c4:a7:84:60:49:08:33:1c:a8:ed:0c:6a:1f:cb:
         40:03:00:5d:a6:e5:90:eb:15:be:d4:06:cb:54:ad:05:7f:ad:
         20:16:2f:53:73:a7:42:81:80:c4:41:ed:b4:e0:d5:ea:d7:5b:
         d2:57:0f:a2:44:41:bf:1a:30:ae:23:a3:2c:b1:5a:d3:d9:8a:
         2d:e9:b3:53:cd:cc:74:ea:71:c6:da:30:25:05:56:c4:ab:55:
         e0:b5:69:cd:6c:e0:55:fa:a2:85:1c:ca:da:98:b7:5c:e9:53:
         0e:35:dd:68:43:7f:a1:1c:dc:48:ff:61:09:62:3c:a7:86:06:
         4f:45:ab:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEhaNgKcVfF7/fLgnQLxOQqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwODA1MDcyMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmEwODMwMzI1ODU4YTAyMjM5MmFjZTVkNGE3Y2JiYjdmMTg3NmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mGm5nDKLSDuVxgA+3Yw0BW1Upbp
8rQdy7NheEahKwVGwcn8x0C3wX1Ju54uQ+AN6+sG0w8VadoNIF5Y+R8unTD3hoqX
IiWtH3gB7H6F7t/oydVsT3cJyaKjq+Y+OyWTrAsaL2A86g/zcClvogZo5hVNDgoi
15kll7Pnh7xpVhEIaTHA7FsRIH3UbwB5G33/q3+WeBBDnm0MC9ribIRBAFXXetZx
ot/tCjgGZQY5XhNCaQjC7kKMna8iAMQgfUdtj8/nz+C9QSP58WMbY75rUDvFfuvo
Avyh3d7zxf+qz2EsPZ+tioSUwuZhxJESGuBFuBGnJ9IHqJh8wmF1UPCeJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaggwMlhYoCI5Ks5dSny7t/GHa9MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvVnFDREF5V0ZpZ0lqa3F6bDFLZkx1MzhZZHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufKsMA0G
CSqGSIb3DQEBCwUAA4IBAQCRF0wSYjDzC+Uka3oFsbAwKYWSJPJyZbUy2rkwBUj/
aVHotNPFzO8dhafYk25rYhye9GbgK06mWRJdrsTXtXEcdzW5Hn73KeK4thIOag6E
XhtkkcpOPhITChybnA5xOOxc1FPtFsobn6oiZCK3q2NA2JjGn8C8n9gEjh4baYjj
KkGyxKeEYEkIMxyo7QxqH8tAAwBdpuWQ6xW+1AbLVK0Ff60gFi9Tc6dCgYDEQe20
4NXq11vSVw+iREG/GjCuI6MssVrT2Yot6bNTzcx06nHG2jAlBVbEq1XgtWnNbOBV
+qKFHMramLdc6VMONd1oQ3+hHNxI/2EJYjynhgZPRatv
-----END CERTIFICATE-----